Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Late last night, a surprise attack occured on the site when an unknown individual was able to gain administrative access to the bulletin board for a short period of time. Before we were able to react, he (or she) changed many forum names and descriptions, demoted all the moderators and administrators, and began a mass-deletion of private messages. The attacker almost certainly intended to delete all posts as well, but Vamp's quick reaction allowed us to save most of our data.

We had to take our server offline in the immediate aftermath of the attack to prevent further damage. During this downtime we retrieved as much data as possible from backups, repaired and rebuilt our databases, and began looking into the nature of the exploit.

Unfortunately, many private messages sent in the past week could not be recovered. For this we truly apologize. Know that we did everything possible to retrieve as much lost data as possible, and we have taken several effective steps to secure our server against similar attacks until we can track down the exact nature of the problem. The entire team is focused on doing whatever is necessary to protect the Shroomery and we appreciate your understanding during this time.

If anyone has questions about the situation, the admins will do our best to answer them but it may take a while for the full picture to emerge.

You guys rock! Even thought you guys were only offline for a short time, I missed this place. I come here for several reasons. One being the information I gain from the site, another is the enjoyment from reading some of the off the wall topics. Crazy stuff! The most important though, are the people. I love the people here. Some have brought me comfort, happiness, sadness and a feeling of belonging to something special. I met my current boyfriend off his site! For me, the shroomery is not just some website I visit, it's family, a home to go to. The Shroomery is forever!

So thank you so much! This place is forever "logged" into my heart!

--------------------The secret to being funny is to say smart things stupidly, or is it stupid things smartly? Whatever..it's not rocket surgery...or something like that.

i really hope you guys get this wanker. i lost a few valuable pms, but that's nothing in the grand scheme of things.

i googled "sardak" and this is what it shows. there are a few different "sardak" profiles on different boards. this may not help you find him, but i thought i'd throw it out there anyway. maybe there is something you can do with it.

--------------------

Anno cock? is that some kind of Greek liqueur? -Geo's All Knowing Sex Slave

I'd just like to add that we've had a couple member accounts lost, which we'll need to re-instate. So far, I know we've lost both Bo0 and Fuman(SporeSure). If anyone knows of any other member accounts which has been lost, please let us know who they are, so we can work to re-instate them. Thanks.

Okay I think I should have restored almost all (if not all) deleted accounts, but their old posts will still show up as anonymous unless I can figure out some clever way to tie them back to their original poster. There were about 10,000 accounts gone so it apparently wasn't targeted towards specific users. However, he did manually ban three accounts: 'Administrator', 'matts' and 'Suntzu' (in that order). What this means is open to interpretation.

Vamp has identified the bug which we think we used to exploit the BB, and as I type this Anno is working to fix it. Hopefully things should be getting back to normal soon.

Fortunately, you can't find out someone's password through the admin interface. You can change it to something else, but if you're able to log in then your password wasn't changed and you should be safe. Still, this should serve as a reminder that there are people out there who will take any opportunity to fuck with us so if you have an insecure password, now would be a good time to change it to something more complex.

That's true, but only the password's MD5 hash is stored in the DB which would make it a lot harder to determine what the original password was.

However, if the attacker did get a copy of the users table, Anno uncovered an exploit which might let him gain access to accounts without needing their password. Since changing your password will make you immune to this exploit, I'm reversing my advice. I may make it mandatory after addressing some of the more pressing issues.